Linksys Router Owners - HEADS UP!

**annihilator_god** · June 4th, 2004, 01:44 AM

yes negative, i did spell defaults incorrectly in my "exploit" (if that's what you want to call it).
So that might be the problem... but i'm still just a newbie... i need to go download the source code from linksys again.

one more little thing negative, you might have overlooked this in your link... but there should be a ? between cgi and sysPasswd, like this: cgi?sysPasswd

and trying it with defaults spelled correctly has the same effect. So it's just some buffer overrun, right?

***Spyder32*** · June 4th, 2004, 01:56 AM

port forwarding

*Raises hand* I feel your pain. I have that added on as well and it becomes irritable all around like you said.

**annihilator_god** · June 4th, 2004, 02:08 AM

Well, i just got a reply from a support guy at linksys.

are you certain that you didn't have any web browser
windows open? If one web browser window was still open (not necessarily
one that you were using to access the router), the browser session would
still be authenticated. Can you please confirm this, and possibly
retry your test?

What happened is that i had logged in before running the link, and never closed every browser window. Upon reading this, i did close all of my browser windows and was prompted for the password before i could get in.

**nihil** · June 4th, 2004, 02:14 AM

Hmmmmmmm,

I have seen a number of threads on this forum that suggest that a router/firewall is all that you need and that software firewalls are irrelevant crap.

Has anyone had a slight change of heart?

Please remember that the ancient members of my family do not even know what that "grey box" does..........although perhaps I should say "should do".............

Quotation:

"My name is Ozymandias, King of Kings,
Look upon my works ye mighty, and despair"

just a thought?

Whatever happened to intellectual honesty and ubris?

***Spyder32*** · June 4th, 2004, 02:22 AM

I have seen a number of threads on this forum that suggest that a router/firewall is all that you need and that software firewalls are irrelevant crap.

Depend's how you look at it, really. It also depend's on the purpose and use of the machine, how much/often it's used, etc etc. That's a two-sided argument that we don't wanna get into right now

***phishphreek*** · June 4th, 2004, 03:10 AM

Originally posted here by nihil
Hmmmmmmm,

I have seen a number of threads on this forum that suggest that a router/firewall is all that you need and that software firewalls are irrelevant crap.

Has anyone had a slight change of heart?

You should never rely on just one layer of security. This is exactly the reason I use multiple layers. Fortunately... I don't use linksys... but I use a Cisco router as my boarder router/firewall. (yes... I realize that cisco now owns linksys) Should anything "slip" past it... I've got more layers.

Maybe this will just be another "lesson learned"?

If one wanted... they could easily have two devices at the boarder. The linksys and then an old cheap box (you know you all have them stuffed in your basement/closets) as the second method of protection. IPCop or Smoothwall woud be perfect for a job like this. Easy to configure and a hell of a lot more options than the linksys should anything slip past it.

In this case... it won't matter too much...because its a DoS and the router will still have to be reset, but it *could* have been much worse?

Just curious... as I haven't used one of these Linksys routers in a long time.. but the newer firmware does give you an option to backup your configurations... right? Maybe that was D-Link?

Anyway... what are you doing here? You should be patching your "router"!
(If your model has a patch...)

***IKnowNot*** · June 4th, 2004, 06:36 AM

I believe the pertinent phrase was if they can get admin access.

silly me, I thought the pertinent phrase was

"is the perfect option to connect multiple PCs to a high-speed Broadband Internet connection or to an Ethernet back-bone.

I thought there were only three perfect things in this world, and two of them are Senior members of AO.

Thanks for the info thehorse13, I would have missed it. I'm sure I'll be getting alot of questions because of this, like "... my router crapped out, what do you recomend I replace it with?"

phishphreek80 hit the nail on the head here. Layered security. How many times does this have to be mentioned? Everytime I think the message is moot and EVERYONE has resolved it as second nature, I read another article on how someone has come up with the ultimate security solution which purportedly solves all.

Security is a team effort: from the chip manufactures to the programs of the bios, OS, drivers, and runtime programs, to the CIOs, network anmins, techs, and finally users. The same is as true for the hardware as software.

"The chain is only as strong as the weakest link" ( have no idea who said that, but damn if it ain't true!)

***Lansing_Banda*** · June 4th, 2004, 07:17 AM

Okay I just tested the exploit against the previous BEFSR41 (not the ver 3) and I suffered nothing but a pop up asking for my username and password. Victory tastes so sweet. Anyways, I guess if you change your username and password you are safe. Either that or the old one is just better. Either way I am going to sleep a happy man!

***thehorse13*** · June 4th, 2004, 11:01 AM

Tested on BEFSR41 v1, Firmware 1.45.7. The exploit works as described.

***Tiger Shark*** · June 4th, 2004, 11:59 AM

Linksys BEFSR41
Firmware: 1.43, Sep 04 2002

Clicked the link in annihilator's post: Password required.

Fixed the link, ("Defaults"): Password required.

Noticed all the <br> tags.... removed them: Password required.

I can't seem to make it do anything but bring up the password box..... Maybe I'm dumb or something....

Thread: Linksys Router Owners - HEADS UP!

Thread Tools

Display

Posting Permissions